TF 0223 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
DynamoDB tables should use at rest encryption with a Customer Managed Key
Property | Value |
---|---|
Language | |
Severity | |
Service | dynamodb |
Provider | AWS |
Description
DynamoDB tables are configured to use AWS-managed encryption keys instead of customer-managed KMS keys, limiting control over key management, rotation, and access policies. This reduces the ability to customize encryption practices to organizational security requirements.
Impact
Relying on AWS-managed keys restricts granular control over how table data is encrypted and who can access or rotate the keys. In the event of a compromise, sensitive data could be at greater risk because key management is less stringent and less customizable, potentially leading to unauthorized data exposure or compliance issues.
Resolution
Enable server-side encryption with a customer managed key.
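The resolution expressed as Terraform, with two non-compliant tables beside a compliant one. This is an added example, not part of the original rule page; all resource names, table names and the key schema are hypothetical.

```hcl
# Non-compliant: no server_side_encryption block, so the table falls back
# to an AWS owned key that the account cannot view, rotate or restrict.
resource "aws_dynamodb_table" "orders_default" {
  name         = "orders-default" # hypothetical
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "order_id"

  attribute {
    name = "order_id"
    type = "S"
  }
}

# Still non-compliant: enabled = true without kms_key_arn selects the
# AWS managed key (alias/aws/dynamodb), not a customer managed key.
resource "aws_dynamodb_table" "orders_aws_managed" {
  name         = "orders-aws-managed" # hypothetical
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "order_id"

  attribute {
    name = "order_id"
    type = "S"
  }

  server_side_encryption {
    enabled = true
  }
}

# Compliant: a customer managed key with rotation enabled, referenced
# explicitly from the table's server_side_encryption block.
resource "aws_kms_key" "dynamodb" {
  description             = "Customer managed key for DynamoDB tables"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_dynamodb_table" "orders_cmk" {
  name         = "orders-cmk" # hypothetical
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "order_id"

  attribute {
    name = "order_id"
    type = "S"
  }

  server_side_encryption {
    enabled     = true
    kms_key_arn = aws_kms_key.dynamodb.arn
  }
}
```

The middle case is the one most often missed in review: the table shows as KMS-encrypted, but the key policy and rotation remain under AWS control.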